Another day, another bug!
LetsSaveMoney.com is a "money-saving" site. It offers discounts on a wide range of products and services, and is financed through affiliate marketing.
My trade union, Prospect, has just launched a white-labelled "Members' Rewards" scheme built on LetsSaveMoney - that's how I came across this bug.
It's a depressingly familiar story - a reflected XSS. Submit a search term containing some HTML and watch it being echoed back into the results page, unescaped, for the browser to render.
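To make the bug class concrete, here is an added example of what such a search page does wrong and how it is fixed. This is illustration code written for this post, not LetsSaveMoney's code, and the handler shape, the payloads and the result-page template are all assumptions: the search term lands in two places a real results page typically echoes it, the heading text and the pre-filled search box's `value` attribute.

```python
import html

# Constructed payloads, one per output context (hypothetical, not the author's).
# In element content a script tag is enough; inside a quoted attribute the
# attacker first has to close the quote and then add an event handler.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_results_vulnerable(query: str) -> str:
    """Vulnerable: the raw search term is concatenated into the HTML twice."""
    return (
        '<form><input type="search" name="q" value="' + query + '"></form>\n'
        "<h1>Results for: " + query + "</h1>"
    )


def render_results_fixed(query: str) -> str:
    """Fixed: HTML-escape the term before it is placed in either context.

    quote=True also turns " into &quot;, so the attribute cannot be closed early.
    The same escaped value is safe in element content and in a quoted attribute.
    """
    safe = html.escape(query, quote=True)
    return (
        '<form><input type="search" name="q" value="' + safe + '"></form>\n'
        "<h1>Results for: " + safe + "</h1>"
    )


def payload_survives(page: str, payload: str) -> bool:
    """True if the payload appears verbatim, i.e. the browser would parse it as markup."""
    return payload in page


def attribute_escaped_early(page: str) -> bool:
    """Detect the attribute-context break-out: the value attribute closed by the payload.

    After a successful break-out the page contains ' autofocus onfocus=' as a
    live attribute; after escaping the quote it survives only as text.
    """
    return 'value="" autofocus onfocus="' in page


if __name__ == "__main__":
    for name, render in (("vulnerable", render_results_vulnerable),
                         ("fixed", render_results_fixed)):
        print(f"--- {name} ---")
        print(render(TEXT_PAYLOAD))
        print(render(ATTR_PAYLOAD))
```

Escaping at the output point is the fix that matters; stripping `<script>` from the query string does nothing for the attribute case, which needs no angle brackets at all.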
I posted a report on XSSposed and alerted LetsSaveMoney via their "Contact Us" form.
Impressively, I received an email back a few minutes later. I provided the details over email and the site was fixed an hour later!
That's an excellent response time.
While I neither asked for, nor expected, a reward - I was delighted to receive an Xmas gift hamper as a token of their appreciation.